Uploaded image for project: 'Rampart'
  1. Rampart
  2. RAMPART-389

RampartException: "Unexpected signature" thrown on client side when the service policy requires SignatureConfirmation and it is the only signed element.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 1.6.2
    • None
    • rampart-core

    Description

      When validating signed parts the PolicyBasedResultsValidator does not handle SignatureConfirmation when receiving the service response. According to the security policy specification the wsse11:SignatureConfirmation element should be covered by the message signature, but rampart validator fails with "Unexpected signature" in case the SignatureConfirmation is the only signed thing in the response message, because it is not added to the list of expected signed parts/elements.

      Attachments

        1. SignatureConfirmationPatch.txt
          0.8 kB
          Stefan Vladov
        2. SignatureConfirmationPolicy.xml
          2 kB
          Stefan Vladov

        Activity

          People

            Unassigned Unassigned
            chefo Stefan Vladov
            Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: